AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-02-20 17:56:52 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
b1e3596416
linux_dsm_epyc7002/include
History
Anirudh Rayabharam b1e3596416 HID: usbhid: fix info leak in hid_submit_ctrl 
[ Upstream commit 6be388f4a35d2ce5ef7dbf635a8964a5da7f799f ]

In hid_submit_ctrl(), the way of calculating the report length doesn't
take into account that report->size can be zero. When running the
syzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to
calculate transfer_buffer_length as 16384. When this urb is passed to
the usb core layer, KMSAN reports an info leak of 16384 bytes.

To fix this, first modify hid_report_len() to account for the zero
report size case by using DIV_ROUND_UP for the division. Then, call it
from hid_submit_ctrl().

Reported-by: syzbot+7c2bb71996f95a82524c@syzkaller.appspotmail.com
Signed-off-by: Anirudh Rayabharam <mail@anirudhrb.com>
Acked-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-06-18 10:00:03 +02:00
..
acpi
asm-generic vmlinux.lds.h: Avoid orphan section with !SMP 2021-06-16 12:01:45 +02:00
clocksource
crypto
drm
dt-bindings
keys security: keys: trusted: fix TPM2 authorizations 2021-05-14 09:50:20 +02:00
kunit
kvm
linux HID: usbhid: fix info leak in hid_submit_ctrl 2021-06-18 10:00:03 +02:00
math-emu
media
memory
misc
net net: caif: add proper error handling 2021-06-10 13:39:24 +02:00
pcmcia
ras
rdma
scsi
soc
sound
target
trace SUNRPC: Remove trace_xprt_transmit_queued 2021-05-19 10:13:03 +02:00
uapi HID: hid-input: add mapping for emoji picker key 2021-06-18 10:00:03 +02:00
vdso
video
xen